On 05.01.2015 at 00:43, rogt3...@proinbox.com wrote:
Reading Postfix's docs re

  Disconnect suspicious SMTP clients
  http://www.postfix.org/STRESS_README.html#hangup

in the example there it says

  "To hang up connections from blacklisted zombies, you can set specific Postfix 
SMTP server reject codes for specific RBLs ... We'll use zen.spamhaus.org as an example 
... their documents say that a response of 127.0.0.10 or 127.0.0.11 indicates a dynamic 
client IP address, which means that the machine is probably running a bot of some 
kind."

My question is about usage.
Is there a reason NOT to simply use the 521 hangup codes for ALL the spamhaus 
hits from 127.0.0.2-11 ?  It seems to me like all of those would be good 
candidates.
Before I go ahead I wanted to ask in here from somebody with more experience 
maybe

Frankly, use postscreen with scoring, which is *much* safer and always rejects with "550 5.7.1 Service unavailable; client [xx.xx.xx.xx] blocked using", and so you no longer need to think about the reject code, which doesn't matter anyway; only 5xx is important.

postscreen_dnsbl_ttl = 5m
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_dnsbl_sites =
 b.barracudacentral.org=127.0.0.2*7
 dnsbl.inps.de=127.0.0.2*7
 bl.mailspike.net=127.0.0.2*5
 bl.mailspike.net=127.0.0.[10;11;12]*4
 dnsbl.sorbs.net=127.0.0.10*8
 dnsbl.sorbs.net=127.0.0.5*6
 dnsbl.sorbs.net=127.0.0.7*3
 dnsbl.sorbs.net=127.0.0.8*2
 dnsbl.sorbs.net=127.0.0.6*2
 dnsbl.sorbs.net=127.0.0.9*2
 zen.spamhaus.org=127.0.0.[10;11]*8
 zen.spamhaus.org=127.0.0.[4..7]*6
 zen.spamhaus.org=127.0.0.3*4
 zen.spamhaus.org=127.0.0.2*3
 wl.mailspike.net=127.0.0.[18;19;20]*-2
 list.dnswl.org=127.0.[0..255].0*-2
 list.dnswl.org=127.0.[0..255].1*-3
 list.dnswl.org=127.0.[0..255].2*-4
 list.dnswl.org=127.0.[0..255].3*-5
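
The weighted scoring in the reply above, worked through as an added example (not part of the original post and not Postfix code). It is a simplified model that assumes every returned address matching an entry's filter adds that entry's weight; the sample DNSBL replies are constructed, and only a subset of the posted entries is used.

```python
import re

# zen.spamhaus.org and one list.dnswl.org entry, plus the threshold, from the post above.
SITES = """
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*6
zen.spamhaus.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3
list.dnswl.org=127.0.[0..255].3*-5
"""
THRESHOLD = 8  # postscreen_dnsbl_threshold

def parse_octet(pat):
    """Expand one octet pattern ('2', '[10;11]', '[4..7]') into a set of ints."""
    values = set()
    for part in pat.strip("[]").split(";"):
        lo, _, hi = part.partition("..")
        values.update(range(int(lo), int(hi or lo) + 1))
    return values

def parse_sites(text):
    """Parse domain[=filter][*weight] entries into (domain, octet sets, weight)."""
    entries = []
    for line in text.split():
        spec, _, weight = line.partition("*")
        domain, _, filt = spec.partition("=")
        octets = [parse_octet(o) for o in re.findall(r"\[[^\]]*\]|\d+", filt)] if filt else None
        entries.append((domain, octets, int(weight or 1)))
    return entries

def score(replies, entries):
    """replies maps a DNSBL domain to the A records it returned for the client."""
    total = 0
    for domain, octets, weight in entries:
        for addr in replies.get(domain, []):
            parts = [int(p) for p in addr.split(".")]
            if octets is None or all(p in ok for p, ok in zip(parts, octets)):
                total += weight
    return total

def verdict(replies, entries=None):
    """Return (score, action); the client is rejected once score >= THRESHOLD."""
    total = score(replies, entries or parse_sites(SITES))
    return total, "reject" if total >= THRESHOLD else "pass"
```

With these weights a client that only returns 127.0.0.2 from zen.spamhaus.org scores 3 and is not rejected on that hit alone, while a 127.0.0.10 or 127.0.0.11 reply reaches the threshold of 8 by itself.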
